/// <summary>
/// Removes a CRL from the store.
/// </summary>
public bool DeleteCRL(X509CRL crl)
{
if (crl == null)
{
throw new ArgumentNullException("crl");
}
string filePath = m_directory.FullName;
filePath += Path.DirectorySeparatorChar + "crl";
DirectoryInfo dirInfo = new DirectoryInfo(filePath);
if (dirInfo.Exists)
{
foreach (FileInfo fileInfo in dirInfo.GetFiles("*.crl"))
{
if (fileInfo.Length == crl.RawData.Length)
{
byte[] bytes = File.ReadAllBytes(fileInfo.FullName);
if (Utils.IsEqual(bytes, crl.RawData))
{
fileInfo.Delete();
return(true);
}
}
}
}
return(false);
}
/// <summary>
/// Imports a new CRL for group id.
/// </summary>
public async Task ImportIssuerCACrl(string id, X509Certificate2 certificate, Opc.Ua.X509CRL crl, CancellationToken ct = default)
{
try
{
string secretIdentifier = CrlSecretName(id, certificate.Thumbprint);
SecretAttributes secretAttributes = new SecretAttributes()
{
Enabled = true,
NotBefore = crl.UpdateTime
};
// do not set tag for a CRL, the CA cert is already tagged.
var result = await _keyVaultClient.SetSecretAsync(
_vaultBaseUrl,
secretIdentifier,
Convert.ToBase64String(crl.RawData),
null,
ContentTypeCrl,
secretAttributes,
ct)
.ConfigureAwait(false);
}
catch (Exception)
{
// TODO: add logging (is this a fatal error?)
}
}
/// <summary>
/// Gets the CRL file paths.
/// </summary>
/// <param name="thumbprint">The certificate thumbprint.</param>
/// <returns></returns>
public string[] GetCrlFilePaths(string thumbprint)
{
List <string> filePaths = new List <string>();
Entry entry = Find(thumbprint);
DirectoryInfo info = new DirectoryInfo(this.Directory.FullName + Path.DirectorySeparatorChar + "crl");
foreach (FileInfo file in info.GetFiles("*.crl"))
{
X509CRL crl = null;
try
{
crl = new X509CRL(file.FullName);
}
catch (Exception e)
{
Utils.Trace(e, "Could not parse CRL file.");
continue;
}
if (!Utils.CompareDistinguishedName(crl.Issuer, entry.Certificate.Subject))
{
continue;
}
filePaths.Add(file.FullName);
}
return(filePaths.ToArray());
}
/// <summary>
/// Adds a CRL to the store.
/// </summary>
public void AddCRL(X509CRL crl)
{
if (crl == null)
{
throw new ArgumentNullException("crl");
}
X509Certificate2 issuer = null;
X509Certificate2Collection certificates = null;
certificates = Enumerate().Result;
foreach (X509Certificate2 certificate in certificates)
{
if (Utils.CompareDistinguishedName(certificate.Subject, crl.Issuer))
{
if (crl.VerifySignature(certificate, false))
{
issuer = certificate;
break;
}
}
}
if (issuer == null)
{
throw new ServiceResultException(StatusCodes.BadCertificateInvalid, "Could not find issuer of the CRL.");
}
StringBuilder builder = new StringBuilder();
builder.Append(m_directory.FullName);
builder.Append(Path.DirectorySeparatorChar + "crl" + Path.DirectorySeparatorChar);
builder.Append(GetFileName(issuer));
builder.Append(".crl");
FileInfo fileInfo = new FileInfo(builder.ToString());
if (!fileInfo.Directory.Exists)
{
fileInfo.Directory.Create();
}
File.WriteAllBytes(fileInfo.FullName, crl.RawData);
}
/// <summary>
/// Returns the CRLs in the store.
/// </summary>
public virtual List <X509CRL> EnumerateCRLs()
{
List <X509CRL> crls = new List <X509CRL>();
// check for CRL.
DirectoryInfo info = new DirectoryInfo(this.Directory.FullName + Path.DirectorySeparatorChar + "crl");
if (info.Exists)
{
foreach (FileInfo file in info.GetFiles("*.crl"))
{
X509CRL crl = new X509CRL(file.FullName);
crls.Add(crl);
}
}
return(crls);
}
/// <inheritdoc/>
public Task <X509CRLCollection> EnumerateCRLs()
{
var crls = new X509CRLCollection();
// check for CRL.
DirectoryInfo info = new DirectoryInfo(this.Directory.FullName + Path.DirectorySeparatorChar + "crl");
if (info.Exists)
{
foreach (FileInfo file in info.GetFiles("*.crl"))
{
X509CRL crl = new X509CRL(file.FullName);
crls.Add(crl);
}
}
return(Task.FromResult(crls));
}
/// <summary>
/// Returns the CRLs for the issuer.
/// </summary>
public List <X509CRL> EnumerateCRLs(X509Certificate2 issuer)
{
if (issuer == null)
{
throw new ArgumentNullException("issuer");
}
List <X509CRL> crls = new List <X509CRL>();
// check for CRL.
DirectoryInfo info = new DirectoryInfo(this.Directory.FullName + "\\crl");
if (info.Exists)
{
foreach (FileInfo file in info.GetFiles("*.crl"))
{
X509CRL crl = new X509CRL(file.FullName);
if (!Utils.CompareDistinguishedName(crl.Issuer, issuer.Subject))
{
continue;
}
if (!crl.VerifySignature(issuer, false))
{
continue;
}
if (crl.UpdateTime <= DateTime.UtcNow &&
(crl.NextUpdateTime == DateTime.MinValue || crl.NextUpdateTime >= DateTime.UtcNow))
{
crls.Add(crl);
}
}
}
return(crls);
}
/// <summary>
/// Returns the CRLs for the issuer.
/// </summary>
public List<X509CRL> EnumerateCRLs(X509Certificate2 issuer)
{
if (issuer == null)
{
throw new ArgumentNullException("issuer");
}
List<X509CRL> crls = new List<X509CRL>();
// check for CRL.
DirectoryInfo info = new DirectoryInfo(this.Directory.FullName + Path.DirectorySeparatorChar + "crl");
if (info.Exists)
{
foreach (FileInfo file in info.GetFiles("*.crl"))
{
X509CRL crl = new X509CRL(file.FullName);
if (!Utils.CompareDistinguishedName(crl.Issuer, issuer.Subject))
{
continue;
}
if (!crl.VerifySignature(issuer, false))
{
continue;
}
if (crl.UpdateTime <= DateTime.UtcNow && (crl.NextUpdateTime == DateTime.MinValue || crl.NextUpdateTime >= DateTime.UtcNow))
{
crls.Add(crl);
}
}
}
return crls;
}
/// <summary>
/// Checks if issuer has revoked the certificate.
/// </summary>
public virtual StatusCode IsRevoked(X509Certificate2 issuer, X509Certificate2 certificate)
{
if (issuer == null)
{
throw new ArgumentNullException("issuer");
}
if (certificate == null)
{
throw new ArgumentNullException("certificate");
}
// check for CRL.
DirectoryInfo info = new DirectoryInfo(this.Directory.FullName + Path.DirectorySeparatorChar + "crl");
if (info.Exists)
{
bool crlExpired = true;
foreach (FileInfo file in info.GetFiles("*.crl"))
{
X509CRL crl = null;
try
{
crl = new X509CRL(file.FullName);
}
catch (Exception e)
{
Utils.Trace(e, "Could not parse CRL file.");
continue;
}
if (!Utils.CompareDistinguishedName(crl.Issuer, issuer.Subject))
{
continue;
}
if (!crl.VerifySignature(issuer, false))
{
continue;
}
if (crl.IsRevoked(certificate))
{
return(StatusCodes.BadCertificateRevoked);
}
if (crl.UpdateTime <= DateTime.UtcNow && (crl.NextUpdateTime == DateTime.MinValue || crl.NextUpdateTime >= DateTime.UtcNow))
{
crlExpired = false;
}
}
// certificate is fine.
if (!crlExpired)
{
return(StatusCodes.Good);
}
}
// can't find a valid CRL.
return(StatusCodes.BadCertificateRevocationUnknown);
}
/// <summary>
/// Removes a CRL from the store.
/// </summary>
public bool DeleteCRL(X509CRL crl)
{
throw new ServiceResultException(StatusCodes.BadNotSupported);
}
/// <summary>
/// Adds a CRL to the store.
/// </summary>
public void AddCRL(X509CRL crl)
{
throw new ServiceResultException(StatusCodes.BadNotSupported);
}
/// <summary>
/// Removes a CRL from the store.
/// </summary>
public bool DeleteCRL(X509CRL crl)
{
throw new ServiceResultException(StatusCodes.BadNotSupported);
}
/// <summary>
/// Adds a CRL to the store.
/// </summary>
public void AddCRL(X509CRL crl)
{
throw new ServiceResultException(StatusCodes.BadNotSupported);
}
/// <summary>
/// Removes a CRL from the store.
/// </summary>
public bool DeleteCRL(X509CRL crl)
{
if (crl == null)
{
throw new ArgumentNullException("crl");
}
string filePath = m_directory.FullName;
filePath += Path.DirectorySeparatorChar + "crl";
DirectoryInfo dirInfo = new DirectoryInfo(filePath);
if (dirInfo.Exists)
{
foreach (FileInfo fileInfo in dirInfo.GetFiles("*.crl"))
{
if (fileInfo.Length == crl.RawData.Length)
{
byte[] bytes = File.ReadAllBytes(fileInfo.FullName);
if (Utils.IsEqual(bytes, crl.RawData))
{
fileInfo.Delete();
return true;
}
}
}
}
return false;
}
/// <summary>
/// Adds a CRL to the store.
/// </summary>
public void AddCRL(X509CRL crl)
{
if (crl == null)
{
throw new ArgumentNullException("crl");
}
X509Certificate2 issuer = null;
X509Certificate2Collection certificates = null;
Task.Run( async () => certificates = await Enumerate()).Wait();
foreach (X509Certificate2 certificate in certificates)
{
if (Utils.CompareDistinguishedName(certificate.Subject, crl.Issuer))
{
if (crl.VerifySignature(certificate, false))
{
issuer = certificate;
break;
}
}
}
if (issuer == null)
{
throw new ServiceResultException(StatusCodes.BadCertificateInvalid, "Could not find issuer of the CRL.");
}
StringBuilder builder = new StringBuilder();
builder.Append(m_directory.FullName);
builder.Append(Path.DirectorySeparatorChar + "crl" + Path.DirectorySeparatorChar);
builder.Append(GetFileName(issuer));
builder.Append(".crl");
FileInfo fileInfo = new FileInfo(builder.ToString());
if (!fileInfo.Directory.Exists)
{
fileInfo.Directory.Create();
}
File.WriteAllBytes(fileInfo.FullName, crl.RawData);
}
/// <summary>
/// Returns the CRLs in the store.
/// </summary>
public List<X509CRL> EnumerateCRLs()
{
List<X509CRL> crls = new List<X509CRL>();
// check for CRL.
DirectoryInfo info = new DirectoryInfo(this.Directory.FullName + Path.DirectorySeparatorChar + "crl");
if (info.Exists)
{
foreach (FileInfo file in info.GetFiles("*.crl"))
{
X509CRL crl = new X509CRL(file.FullName);
crls.Add(crl);
}
}
return crls;
}
/// <summary>
/// Checks if issuer has revoked the certificate.
/// </summary>
public StatusCode IsRevoked(X509Certificate2 issuer, X509Certificate2 certificate)
{
if (issuer == null)
{
throw new ArgumentNullException("issuer");
}
if (certificate == null)
{
throw new ArgumentNullException("certificate");
}
// check for CRL.
DirectoryInfo info = new DirectoryInfo(this.Directory.FullName + Path.DirectorySeparatorChar + "crl");
if (info.Exists)
{
bool crlExpired = true;
foreach (FileInfo file in info.GetFiles("*.crl"))
{
X509CRL crl = null;
try
{
crl = new X509CRL(file.FullName);
}
catch (Exception e)
{
Utils.Trace(e, "Could not parse CRL file.");
continue;
}
if (!Utils.CompareDistinguishedName(crl.Issuer, issuer.Subject))
{
continue;
}
if (!crl.VerifySignature(issuer, false))
{
continue;
}
if (crl.IsRevoked(certificate))
{
return StatusCodes.BadCertificateRevoked;
}
if (crl.UpdateTime <= DateTime.UtcNow && (crl.NextUpdateTime == DateTime.MinValue || crl.NextUpdateTime >= DateTime.UtcNow))
{
crlExpired = false;
}
}
// certificate is fine.
if (!crlExpired)
{
return StatusCodes.Good;
}
}
// can't find a valid CRL.
return StatusCodes.BadCertificateRevocationUnknown;
}
/// <summary>
/// Gets the CRL file paths.
/// </summary>
/// <param name="thumbprint">The certificate thumbprint.</param>
/// <returns></returns>
public string[] GetCrlFilePaths(string thumbprint)
{
List<string> filePaths = new List<string>();
Entry entry = Find(thumbprint);
DirectoryInfo info = new DirectoryInfo(this.Directory.FullName + Path.DirectorySeparatorChar + "crl");
foreach (FileInfo file in info.GetFiles("*.crl"))
{
X509CRL crl = null;
try
{
crl = new X509CRL(file.FullName);
}
catch (Exception e)
{
Utils.Trace(e, "Could not parse CRL file.");
continue;
}
if (!Utils.CompareDistinguishedName(crl.Issuer, entry.Certificate.Subject))
{
continue;
}
filePaths.Add(file.FullName);
}
return filePaths.ToArray();
}
